Researcher Criticizes Microsoft Over Video Requirement for Bug Reports

A well-known vulnerability analyst has publicly criticized the Microsoft Security Response Center (MSRC) for refusing to process a detailed bug report without a proof-of-concept (POC) video. Will Dormann, a senior principal vulnerability analyst, reported a bug to MSRC with a clear written explanation and supporting screenshots. Dormann expressed frustration over the demand for a video, pointing out that it would merely replicate the actions already depicted in his screenshots: typing commands and observing Windows responses on the screen. Ironically, when Dormann attempted to upload the video to Microsoft’s portal, the submission failed due to a 403 error.

He noted that requiring POC videos is not standard practice across the industry; organizations like CISA and the UK’s National Cyber Security Centre (NCSC) typically accept written reports with optional supplementary files. Dormann further elaborated on his frustrations via social media, stating that researchers who take time to report vulnerabilities deserve better treatment. He revealed that two of his recent reports were delayed due to MSRC’s insistence on video evidence, while another was outright rejected without proper review.

The incident has sparked debate within the cybersecurity community about the necessity of video submissions for vulnerability disclosures. The community has largely sided with Dormann, emphasizing that clear written documentation should suffice. The incident also underscores broader concerns about how technology companies handle vulnerability disclosures and engage with security researchers.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Mar 2025 11:00:06 +0000

